Some CBI signing services are encountering errors
Resolved
May 24 at 11:39pm CEST
Signing services are back online! Thank you for your patience.
Affected services
CBI
Updated
May 23 at 06:49pm CEST
New compute resources have been provisioned, and the HSM has been connected. This was necessary because the services were previously running in a highly virtualized environment without access to hardware devices. We are now adapting the signing services to use the HSM as the key provider instead of the old keystore. Unfortunately, we no longer have an ETA as we keep encountering unexpected challenges. Thank you for your patience.
Affected services
CBI
Updated
May 23 at 10:49am CEST
The code-signing certificate deployed to production expired on May 21 at 23:59 UTC. Anything built and signed before this date remains valid. However, all signed JAR and PE32 (.exe, .dll) artifacts signed since May 22 are invalid due to the use of the expired certificate.
Efforts to update the certificate are ongoing. This update is not routine, as the secret key must now be stored on a Hardware Security Module (HSM), a new requirement from the codesigning Certificate Authorities. The use of the HSM requires significant effort to implement. We are hopeful to have it back in order by today, EOB (EDT).
Affected services
CBI
Created
May 22 at 02:09pm CEST
Jar signing and PE32 (.exe, .dll) signing services are impacted. We have identified the issue and are working on its resolution.
Affected services
CBI